Applicant: Ding, etal. 
Filed: May 15,2006 
Preliminary Amendment 

What's claimed is: 

Claim 1 (Original) A digital signature scheme based on braid group conjugacy problem, 
parameters involved in this scheme comprising a signatory S, a signature verifying party V, a 
message M needing signature, an integer n for the number of generators in the braid group, an 
integer m for the number of generators in the left subgroup, an integer / for the upper bound of 
the length of a braid, a braid group B„ (I), a left subgroup L (I) of (I), a right subgroup RB^^i. 

m(l) of 5„ (/), a one way hash fimction h fi*om bit sequence {0, 1 } *to braid groups 5„ (/); said 
signature scheme comprising the following steps of: 

Step 1 . the signatory ( S) selecting three braids xeLB^ (l)^ ' e B^{r),ae B^ (/), and 

making them meet x -a'^xa^ moreover, with known x and x\it being impossible to find a in 
calculation, and considering braid pair(x \x) as a public key of signatory (S), braid a as a private 
key of signatory (S); 

Step 2. signatory (S) using hash fimction h for message (M) needing signature to get 
y=h(M)eBM 

Step 3. generating a braid b e RBn-i-mO) at random, then signing the message (M) with 
the own private key a and the generated random braid b to obtain Sign(M)=d^ byb'^ a\ and 

Step 4. the signatory (5 ) outputting message {M) and the signature of message (M) 
Sign(M). 
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Claim 2 (Original) The digital signature scheme based on braid group conjugacy problem 
according to claim 1, wherein generating the public key braid pair (x \x) and the private key braid 
a of signatory (S) in said step 1 comprises the following steps of: 

Step la. selecting a distance ^between system parameter braid groups public key pairs; 

Step lb. representing jc into the left canonical form x=A\\n2 ...tc/; 

Step Ic. selecting a braid b at random to belong to a set 5^ (5 I) 
Step Id. calculating x = ^ *-^^,a=6; 

Step le. generating a bit at random, if 1, calculating x =decycling(x ), a= ani\ if not 1, 
calculating X ^cycling(x), a= ai'(Ki)\ 

Step If. judging whether belongs to SSS(x) and whether l(x) <rf, if all the conditions 
are yes, outputting the braid pair(jc, a: ) as the public key, a as the private key; if either of them is 
not, performing step le. 

Claim 3 (Original) The digital signature scheme based on braid group conjugacy problem 
according to claim 1, wherein the process for obtaining >'=/z^A() € (I) by using the hash 

function h in said step 2 comprises the following steps of: 

Step 2a, selecting an ordinary hash function with a length of output H(M) is / 
[log(2,n!)J, then dividing H(M) into / sections ... ||/? / in equal at one time; 

Step 2b, corresponding Ri to a permutation braid Ai, then calculating h(M) =AI*A2...Al , 
that is the h(M) required. 
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Claim 4 (Cxirrently Amended) The digital signature scheme based on braid group conjugacy 
problem according to claim 1 , 2 or 3, wherein a integer n for the number of generators in a braid 
group is in the range of 20^-30, an upper value of the braid length is 1=3, d=4, and an left 
subgroup «-/n=4. 

Claim 5 (Original) A verifying method based on braid group conjugacy digital signature scheme, 
comprising the following steps of: 

Step 1 . a signature verifying party ( V) obtaining a public key of a signatory (S ) after 
receiving a message( M) and its signature Sign(M) transmitted from the signatory ( S)\ 

Step 2. calculating the message Af by employing a system parameter hash function /z, and 
obtaining j;=/?('A9; 

Step 3. judging whether sign(M) and y are conjugate or not, if not, sign(M) is an illegal 
signature, and the verification fails; if yes, perform step 4; and 

Step 4. calculating sign(M) x ' and xy by using the public key of obtained S, and judging 
whether they are conjugate or not, if not, sign(M) is an illegal signature, the verification fails; if 
yes, sign(M) is the legal signature of message (M). 

Claim 6 (Original) The verifying method based on braid group conjugacy digital signature 
scheme according to claim 5, wherein the form of obtaining the public key of signatory(5 ) in 
step 1 is an out-band form or a form of receiving the public key transmitted from signatory (5). 
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Claim 7 (Original) The verifying method based on braid group conjugacy digital signature 
scheme according to claim 5, wherein algorithm BCDA is employed in judging whether sign(M) 
mdy are conjugate or not in step 3 and judging whether sign(M) x ' and xy are conjugate or not in 
step 4. 

Claim 8 (Original) A digital signature scheme based on braid groups conjugacy problem and 
verifying method thereof, parameters involved in this method comprising a signatory S, a 
signature verifying party V, a message M needing signature, an integers? for the number of 
generators in the braid group, an integer m for the number of generators in the left subgroup, an 
integer / for the upper bound of the length of a braid, a braid group (I), a left subgroup L B„ (I), 
a right subgroup RBn.i-m(l)^ ^ one way hash function h mapped from bit sequence {0,1 }*to braid 
groups B^ (/); comprising the following steps of: 

Step 1 . the signatory( S) selecting three braids xsLB„(l),x* e B^(l),ae B„ (/), and 

making them meet jc -a^xa, moreover, with the known x and x ' , it is impossible to find a in 
calculation, and considering a braid pair(jc \x) as a public key of the signatory (5^, a braid a as a 
private key of signatory (S); 

Step 2. signatory (S) using a hash function h for message (M) needing signature to get 

y^h(M)eBM 

Step 3. generating a braid b e RBn-i.m(l) at random, then signing the message (M) with the 
private key a and the braid b generated randomly to obtain Sign(M)=a^byb'^a; 
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Step 4. the signatory (S ) outputting the message (M) and its signature Sign(M) to the 
signature verifying party (V); 

Step 5. the signature verifying party ( V) obtaining the public key of signatory (5 ) after 
receiving the message( A/) and the signature of message (M) Sign(M) transmitted from 
signatory(5^; 

Step 6. calculating message Mby employing a system parameter hash function /?, to 
ohXdxn y=h(M)\ 

Step 7. judging whether sign(M) mdy are conjugate or not, if not, sign(M) is an illegal 
signature, the verification fails; if yes, perform step 8; and 

Step 8. calculating sign(M) x ' and xy by using the obtained public key of signatory ( S), 
and judging whether they are conjugate or not, if not, sign(M) is an illegal signature, and the 
verification fails; if yes, sign(M) is a legal signature of message (M). 

Claim 9 (Original) The digital signature scheme based on braid group conjugacy problem and 
verifying method thereof according to claim 8, wherein generating the public key braid pair 
{x \x) and private key braid a of signatory (S) in said step 1 comprises the following steps of: 

Step la. selecting a distance between system parameter braid groups public key pair; 

Step lb. representing X into left canonial form x=A"7Ci7C2 —tc/; 

Step Ic. selecting a braid b at random to belong to set B ^(5 I) 
Step Id. calculating ,a=b\ 
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Step le. generating a bit at random, if 1, calculating x =decycling(x), a= ani\ if not 1, 
calculating X =cyc/m^fx), a= aT^(ni)\ and 

Step If. judging whether x belongs to SSS(x) and whether l(x) <^d, if all conditions are 
yes, outputting braid pair(x, jc ) as the public key, a as the private key; if either of them is not, 
performing step le. 

Claim 10 (Original) The digital signature scheme based on braid group conjugacy problem and 
verifying method thereof according to claim 8, wherein the process for ohXaining y=h(M) e (I) 

by using hash function h in said step 2 comprises the following steps of: 

Step 2a. selecting an ordinary hash function //, with a length of its output H(M) is / 

[log(2, n!) 7, then dividing H(M) into / sections /?/ 1 1/?2| I • • 1 1^? / in equal at one time; and 

Step 2b. corresponding Ri to a permutation braid Ai, then calculating h(M) =A1 *A2..,Al , 

that is the h(M) required. 

Claim 1 1 (Currently Amended) The digital signature scheme based on braid group conjugacy 
problem and verifying method thereof according to claim 8, 9 or 10 wherein n for the number of 
the generation braids in the braid group is in the range of 20-30, an upper value of the braid 
length is /=i, d==4, and an left subgroup /7-w=4. 

Claim 12 (Original) The digital signature scheme based on braid group conjugacy problem and a 
verifying method thereof according to claim 8, wherein algorithm BCDA is employed in judging 
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whether sign(M) and y are conjugate or not in step 7 and judging whether sign(M) x ' and xy are 
conjugate or not in step 8. 

Claim 13 (New) The digital signature scheme based on braid group conjugacy problem according 
to claim 2, wherein a integer n for the number of generators in a braid group is in the range of 
20-'30, an upper value of the braid length is 1=3, d=4, and an left subgroup «-w=4. 

Claim 14 (New) The digital signature scheme based on braid group conjugacy problem according 
to claim 3, wherein a integer n for the number of generators in a braid group is in the range of 
20^-^30, an upper value of the braid length is d=4, and an left subgroup «-/w=4. 

Claim 15 (New) The digital signature scheme based on braid group conjugacy problem and 
verifying method thereof according to claim 9, wherein n for the number of the generation braids 
in the braid group is in the range of 20--30, an upper value of the braid length is /=5, d=4, and an 
left subgroup n-/w=4. 

Claim 16 (New) The digital signature scheme based on braid group conjugacy problem and 
verifying method thereof according to claim 10, wherein n for the number of the generation 
braids in the braid group is in the range of 20'-30, an upper value of the braid length is 1=3, d=4, 
and an left subgroup /i-w=4. 
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